feat: add enterprise network configuration support

[austenstone]

Overview

This PR adds enterprise-scoped hosted compute network configuration support for GitHub-hosted private networking.

It introduces a new github_enterprise_network_configuration resource and adds network_configuration_id support to github_enterprise_actions_runner_group so enterprise runner groups can be associated with hosted compute network configurations.

This work is closely related to the organization-scoped implementation in #2895, and follows the same review-driven cleanup patterns to stay aligned with current project conventions.

What this PR adds

• New resource: github_enterprise_network_configuration
• Full CRUD support for enterprise network configurations
• Import support for enterprise network configurations
• network_configuration_id support in github_enterprise_actions_runner_group
• Acceptance coverage for enterprise network configuration create/update/import flows
• Acceptance coverage for enterprise runner group private networking association flows
• Documentation updates for enterprise network configuration and enterprise runner groups

Notes

• GitHub-hosted private networking is attached through the runner group via network_configuration_id.
• The runner group create endpoint does not accept network_configuration_id, so the provider applies the networking association with a follow-up PATCH after creation.
• This branch was cleaned up to mirror the review feedback already applied on the organization-scoped work in #2895: direct state setting in Create, safer GitHub error response checks, and ConfigStateChecks for the newer acceptance assertions.
• This PR also includes a small correctness fix in the touched runner group read path: getOrganizationRunnerGroup now only swallows 304 Not Modified instead of treating arbitrary ErrorResponse values as cache hits.
• Runner group Create now sets Terraform state directly from the create response and only falls back to a follow-up Read when the private networking association requires the extra PATCH.

Validation

• make testacc
• make test

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[deiga]

Your validation commands would not actually run the tests. You should use make testacc and make test

[tag-assistant]

Re-review ✅

All previous feedback addressed, plus some nice extras:

Addressed:

• ✅ Shared runnerGroupNetworking struct + helpers in resource_github_actions_runner_group_networking.go — clean dedup
• ✅ getRunnerGroupNetworking now takes a path string, works for both org and enterprise scopes
• ✅ Trailing newline fixed on enterprise docs
• ✅ StatusNotModified handling added to getRunnerGroupNetworking — consistent with the rest of the codebase

Bonus improvements (not requested):

• 🧪 173-line unit test file for all three shared helpers (get, update, setState) — including 304 handling and null payload for removal. Solid.
• 🔧 normalizeEtag() in util.go to handle weak vs strong ETag drift between create and read paths — nice catch, prevents state churn.
• 🧪 Unit tests for normalizeEtag covering empty, strong, weak, and whitespace cases.

LGTM. Ship it 🚢

[deiga]

Partial review

[deiga]

issue: use only go-github provided functions

[austenstone]

I checked go-github v83 locally before changing this — there isn’t a first-class runner-group networking method for this endpoint yet, so this still has to stay as a thin NewRequest/Do shim for now.

[austenstone]

With google/go-github#4099, UpdateOrganizationRunnerGroup now accepts NetworkConfigurationID in the request struct, and GetOrganizationRunnerGroup returns it on the response. So yes — once that merges, this raw call can be replaced with the native go-github UpdateOrganizationRunnerGroup/UpdateEnterpriseRunnerGroup functions and the separate getRunnerGroupNetworking GET becomes unnecessary too.

[austenstone]

Org side is now fully native — no more raw calls for org runner groups. The helpers file is still needed for enterprise since go-github hasn't released a version with NetworkConfigurationID on EnterpriseRunnerGroup / UpdateEnterpriseRunnerGroupRequest yet (google/go-github#4099 merged but isn't in a release). Once that ships, a follow-up PR will switch enterprise to native functions and remove the helpers entirely.

[deiga]

Partial review

[deiga]

Isn't this UpdateOrganizationRunnerGroup what you're looking for?

[austenstone]

Yes — once google/go-github#4099 merges, UpdateOrganizationRunnerGroup will carry NetworkConfigurationID natively and this raw call goes away.

[deiga]

That doesn't make sense. The function already exists

[austenstone]

You're right — my earlier reply was wrong. I confused the org and enterprise types. UpdateOrganizationRunnerGroup already had NetworkConfigurationID in go-github; the missing field was only on the enterprise side.

Fixed — org Create and Update now pass NetworkConfigurationID natively via CreateRunnerGroupRequest / UpdateRunnerGroupRequest. The separate PATCH is gone. Read also pulls NetworkConfigurationID directly from the RunnerGroup response instead of the separate networking GET.

Enterprise still uses raw calls since go-github doesn't have NetworkConfigurationID on the enterprise types yet (added in google/go-github#4099, merged but not released). Will switch enterprise to native functions once that ships in a go-github release.

[deiga]

If the functions don't exist in go-github, then you should open a PR in there to add them. We don't accept direct API endpoint interactions

[austenstone]

All review feedback addressed except the raw NewRequest/Do calls — those are blocked on google/go-github#4099 which adds NetworkConfigurationID to the runner group structs. Once that merges and we bump the dependency, the helpers file goes away and networking flows through the native UpdateOrganizationRunnerGroup/UpdateEnterpriseRunnerGroup functions.

[deiga]

Please mark this as Draft until the go-github version is released and an upgrade PR is merged. We will not accept PRs with direct API interactions